mgr/cephadm: handle making certs when we have hostname but no address
authorAdam King <adking@redhat.com>
Fri, 10 Sep 2021 15:46:27 +0000 (11:46 -0400)
committerAdam King <adking@redhat.com>
Fri, 24 Sep 2021 11:23:51 +0000 (07:23 -0400)
Signed-off-by: Adam King <adking@redhat.com>
src/pybind/mgr/cephadm/agent.py
src/pybind/mgr/cephadm/module.py
src/pybind/mgr/cephadm/services/cephadmservice.py

index 19a1185db9e3707562008b2ae2169c1efa135777..a41c1c7f1910c725682f6865d9c5541d36c7f80c 100644 (file)
@@ -7,7 +7,7 @@ import tempfile
 import threading
 import time
 
-from orchestrator import OrchestratorError
+from orchestrator import OrchestratorError
 from mgr_util import verify_tls_files
 from ceph.utils import datetime_now
 from ceph.deployment.inventory import Devices
@@ -357,12 +357,18 @@ class SSLCerts:
         return (cert_str, key_str)
 
     def generate_cert(self, addr: str = '') -> Tuple[str, str]:
+        have_ip = True
         if addr:
             try:
-                ipaddress.IPv4Address(addr)
+                ip = x509.IPAddress(ipaddress.IPv4Address(addr))
             except Exception:
-                raise OrchestratorError(
-                    f'Address supplied to build cert ({addr}) is not valid IPv4 address')
+                try:
+                    ip = x509.IPAddress(ipaddress.IPv6Address(addr))
+                except Exception:
+                    have_ip = False
+                    pass
+        else:
+            ip = x509.IPAddress(ipaddress.IPv4Address(self.mgr.get_mgr_ip()))
 
         private_key = rsa.generate_private_key(
             public_exponent=65537, key_size=4096, backend=default_backend())
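Review bot: The two `except Exception` clauses around the `x509.IPAddress(...)` attempts catch far more than a non-IP string — any unrelated failure (a bad attribute, a cryptography error) is silently reclassified as "this is a hostname", and the `pass` after `have_ip = False` is dead. `ipaddress.ip_address()` already parses both v4 and v6 literals and raises `ValueError` for anything else, which collapses the nested try/except to one narrow guard; using the same call for the mgr-IP fallback removes the remaining IPv4-only assumption there, which would otherwise raise an unhandled `AddressValueError` on an IPv6-only manager (the old code wrapped that value in `str()`; keep it if `get_mgr_ip()` can return a non-str). Note the hostname case now leaves `addr` entirely unvalidated where the old code raised `OrchestratorError`; whether that is acceptable depends on how the SAN is built further down. `generate_cert` continues past this hunk.
```python
        have_ip = True
        if addr:
            try:
                # ip_address() accepts v4 and v6 literals; anything else is treated as a hostname
                ip = x509.IPAddress(ipaddress.ip_address(addr))
            except ValueError:
                have_ip = False
        else:
            ip = x509.IPAddress(ipaddress.ip_address(str(self.mgr.get_mgr_ip())))
        # … unchanged: key generation and certificate builder …
```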
@@ -382,13 +388,13 @@ class SSLCerts:
         builder = builder.not_valid_after(datetime.now() + timedelta(days=(365 * 10 + 3)))
         builder = builder.serial_number(x509.random_serial_number())
         builder = builder.public_key(public_key)
-        builder = builder.add_extension(
-            x509.SubjectAlternativeName(
-                [x509.IPAddress(ipaddress.IPv4Address(
-                    addr if addr else str(self.mgr.get_mgr_ip())))]
-            ),
-            critical=False
-        )
+        if have_ip:
+            builder = builder.add_extension(
+                x509.SubjectAlternativeName(
+                    [ip]
+                ),
+                critical=False
+            )
         builder = builder.add_extension(
             x509.BasicConstraints(ca=False, path_length=None), critical=True,
         )
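Review bot: When `have_ip` is false the certificate is issued with no SubjectAlternativeName at all, so for exactly the hostname-only case this commit targets the leaf carries no verifiable identity — a client that checks the peer name against the SAN cannot match it, which tends to surface later as a verification failure rather than at cert-build time. Encode the hostname instead of dropping it: keep the `add_extension` call unconditional and use `[ip if have_ip else x509.DNSName(addr)]` as the SAN list. That also gives the now-unvalidated hostname string a point where a malformed value fails loudly (how strictly `x509.DNSName` validates depends on the cryptography version in use — worth confirming). Whether the subject CN set earlier in `generate_cert` (outside this hunk) carries the hostname I cannot tell from here; the SAN is what modern verifiers consult anyway.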
index b46cce02f476f40e2c5a38cbd317aafdd3b67e23..5ddfa436f1a864fac4d684dffc5a0fa631ddf214 100644 (file)
@@ -2268,8 +2268,8 @@ Then run the following:
                 root_cert = self.cherrypy_thread.ssl_certs.get_root_cert()
             except Exception:
                 pass
-            deps = sorted([self.get_mgr_ip(), str(self.endpoint_port), root_cert,
-                          str(self.get_module_option('device_enhanced_scan'))])
+            deps = sorted([self.get_mgr_ip(), self.inventory.get_addr(daemon_id), str(self.endpoint_port),
+                           root_cert, str(self.get_module_option('device_enhanced_scan'))])
         else:
             need = {
                 'prometheus': ['mgr', 'alertmanager', 'node-exporter', 'ingress'],
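Review bot: `self.inventory.get_addr(daemon_id)` on the new deps line is the one element in that list that can raise for a daemon that is not (or no longer) in the inventory, while the root-cert lookup two lines above is deliberately best-effort; if a missing entry is possible here the same tolerance is needed, otherwise a one-line comment should say why it cannot happen. The call also relies on the agent's `daemon_id` being the host name — the sibling change in cephadmservice.py uses `daemon_spec.host` for the same lookup — which deserves a comment such as `# agent daemon_id is the hostname, so it doubles as the inventory key`; if that assumption is wrong the dependency silently keys on the wrong host. The enclosing function starts and ends outside the hunk.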
index 31f51f0db153c22a2ec2aaec99c5ca3540c9627d..f80bf34669d25128a29541eb42d3edbb37cd7d83 100644 (file)
@@ -1043,4 +1043,6 @@ class CephadmAgent(CephService):
             'listener.key': listener_key,
         }
 
-        return config, sorted([str(self.mgr.get_mgr_ip()), str(self.mgr.endpoint_port), self.mgr.cherrypy_thread.ssl_certs.get_root_cert(), str(self.mgr.get_module_option('device_enhanced_scan'))])
+        return config, sorted([str(self.mgr.get_mgr_ip()), self.mgr.inventory.get_addr(daemon_spec.host),
+                               str(self.mgr.endpoint_port), self.mgr.cherrypy_thread.ssl_certs.get_root_cert(),
+                               str(self.mgr.get_module_option('device_enhanced_scan'))])
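Review bot: The dependency list is now spread across three continuation lines inside the `return`, which buries the reason the host address was added; bind it first as `deps = sorted([...])` with a comment such as `# host address is a dep so an address change re-issues the listener cert` (presumably `listener_key`/cert above are built from that address — confirm against the `generate_cert` call, which is outside this hunk) and finish with `return config, deps`. `get_root_cert()` is also called unguarded here while module.py wraps the same call in `try/except Exception`; either handle it consistently or note why the agent path cannot hit that failure. The enclosing method starts before this hunk.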